FreeBSD, enterprise open source stuff, network and system security. I'm by no means an expert software developer, but I've been using PHP since 1995 and can find the bathroom on my own. Bourne shell and awk since the 1980s. My Telebit Worldblazer and serial breakout box are still in good working order. :/

SSH keypair generation: RSA or DSA?While FIPS 186-2 stated a 1024 bit requirement for DSA keys, the current FIPS 186 is FIPS 186-3, which explicitly allows for longer keys. While it looks as if the ssh-keygen documentation hasn't kept pace with the current FIPS standard, that affects the validity of standard not at all.

May15

comment

How do know if I can SSH in servers?What are these servers used for? I.e. what is the "master list" that must always get updated regardless of the state of other documents? DNS? /etc/ethers? dhcpd.conf? Or are all hosts simply on the same subnet?

CNAME for top of domain?I should point out that EVERY domain is a "subdomain". example.com is a subdomain of com, and com is a subdomain of .. Any limitations put in place by your ISP are put in place by your ISP and perhaps the registrar, not by the underlying technology.

Unix: how can I change Program's running user and running group?@hhh - your question used Apache as an example, but asked for a generic case. I provided that, including a reference to the only ubiquitous shell command that can be used to set your userid, but my answer is "too generic", and you think this deserves a downvote, despite the fact that my answer contains no errors or misinformation? Wow. I'll be sure to skip spending any effort on your future questions.

Aug20

comment

Unix: how can I change Program's running user and running group?@hhh - If you installed Apache from its package (i.e. using apt-get or equivalent), then the package's install script probably created the necessary user and group for Apache's privilege separation. It's almost always a better idea to use a distro's "approved" and "supported" packages and methods rather than rolling your own. If you're writing new server software, consider having its install process create a new user just to own the files manipulated by the server. If privileged access is required for low-numbered ports or log manipulation, follow Apache's example, with a stub and children.